Conventionally, there is a technique in which, in an electronic device that operates by starting firmware, the firmware is updated to add a new function.
If, however, the confidentiality of firmware is lost, even the confidentiality of updated firmware may be similarly lost. Thus, there is a need for further improvement of security.
Therefore, it is an object of an exemplary embodiment to provide a boot program, an information processing apparatus, an information processing system, an information processing program, an information processing method, a semiconductor device, and a program that are capable of improving the confidentiality of a program read from outside, such as firmware.
To achieve the above object, the exemplary embodiment can employ, for example, the following configurations. It should be noted that the scope of the claims should be interpreted only by the descriptions of the claims. If there is a conflict between the descriptions of the claims and the descriptions of the specification, the descriptions of the claims take precedence.
In an exemplary configuration of a non-transitory computer-readable storage medium having stored therein a boot program according to the exemplary embodiment, a boot program is executed by a computer of an information processing apparatus before firmware is started. The boot program causes the computer to execute: acquiring identification information of the firmware; and setting usability of a piece of key data in a range corresponding to the identification information, among a plurality of pieces of key data to be used for the firmware.
Based on the above, a boot program to be executed before firmware is started makes a plurality of pieces of key data usable in a range corresponding to identification information of the firmware. Thus, it is possible to ensure the confidentiality of the firmware in accordance with the identification information.
In addition, the boot program may further cause the computer to execute reading the firmware. In this case, in the acquisition of the identification information, the identification information of the read firmware may be acquired.
Based on the above, it is possible to manage the confidentiality of key data using the read firmware.
In addition, in the acquisition of the identification information, identification information of firmware started before a current moment may be acquired.
Based on the above, in accordance with identification information of firmware started before the current moment, it is possible to manage the confidentiality of key data.
In addition, the identification information may be a version set for the firmware.
Based on the above, it is possible to manage the confidentiality of key data using the version of the firmware.
In addition, the plurality of pieces of key data may be different with respect to each version. In the setting of the usability of the piece of key data, among the plurality of pieces of key data, a piece of key data corresponding to a version newer than the acquired version may be set to be unusable.
Based on the above, it is possible to ensure the confidentiality of key data corresponding to the version of new firmware.
In addition, in the setting of the usability of the piece of key data, after the firmware is started, it may be impossible to change the setting of the piece of key data at least from unusable to usable.
Based on the above, after the firmware is started, the setting of key data cannot be changed from unusable to usable. Thus, it is possible to further improve the confidentiality of the key data.
In addition, in the setting of the usability of the piece of key data, among the plurality of pieces of key data, a piece of key data corresponding to the version acquired in the acquisition of the identification information may be set to be usable, and at least one of the pieces of key data corresponding to a version older than the acquired version may be set to be usable.
Based on the above, key data to be used to decrypt a program corresponding to an old version can be set to be usable. Thus, it is possible to perform processing such as the decryption of the program.
In addition, in the acquisition of the identification information, identification information described in a header of the firmware read in the reading of the firmware may be acquired as the acquired identification information of the firmware. In the setting of the usability of the piece of key data, the usability of the piece of key data may be set in accordance with the identification information described in the header.
Based on the above, it is possible to manage the confidentiality of the key data using header information of the firmware.
In addition, the boot program may further cause the computer to execute, before the usability of the piece of key data is set in the setting of the usability of the piece of key data, decrypting the firmware corresponding to the acquired identification information, using any of the plurality of pieces of key data.
Based on the above, the firmware is decrypted using the key data of which the confidentiality is ensured. Thus, it is also possible to improve the confidentiality of the firmware.
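The version-bounded key policy and the one-way lock described above can be modelled in a few lines of C. This is an added example, not code from the original document; the key_ctrl structure, the "FWH1" header layout, the slot count and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NUM_KEYS 4  /* assumed: one key slot per firmware version 0..3 */

/* Hypothetical key-slot controller, not a real device's register map. */
struct key_ctrl {
    bool usable[NUM_KEYS];
    bool locked;  /* set by the boot program before firmware starts */
};

/* Constructed header layout: magic "FWH1", then a little-endian u32 version.
 * Returns the version, or -1 if malformed or without a matching key slot. */
long fw_header_version(const uint8_t *hdr, size_t len)
{
    if (len < 8 || memcmp(hdr, "FWH1", 4) != 0) return -1;
    uint32_t v = hdr[4] | hdr[5] << 8 | hdr[6] << 16 | (uint32_t)hdr[7] << 24;
    return v < NUM_KEYS ? (long)v : -1;
}

/* Boot program: keys for versions <= fw_version become usable, newer ones
 * unusable; then lock so nothing can go from unusable back to usable. */
bool boot_set_key_range(struct key_ctrl *kc, long fw_version)
{
    if (kc->locked || fw_version < 0 || fw_version >= NUM_KEYS) return false;
    for (long v = 0; v < NUM_KEYS; v++)
        kc->usable[v] = (v <= fw_version);
    kc->locked = true;
    return true;
}

/* Later requests (e.g. from started firmware): once locked, only disable. */
bool key_set_usable(struct key_ctrl *kc, unsigned slot, bool on)
{
    if (slot >= NUM_KEYS) return false;
    if (kc->locked && on && !kc->usable[slot]) return false;
    kc->usable[slot] = on;
    return true;
}

/* Boot from a header, let "firmware" try every slot; return usable bitmask. */
unsigned usable_mask_after_boot(const uint8_t *hdr, size_t len)
{
    struct key_ctrl kc = { {false}, false };
    unsigned mask = 0;
    if (!boot_set_key_range(&kc, fw_header_version(hdr, len))) return 0;
    for (unsigned s = 0; s < NUM_KEYS; s++) {
        key_set_usable(&kc, s, true);  /* refused for newer-version slots */
        if (kc.usable[s]) mask |= 1u << s;
    }
    return mask;
}

int main(void)
{
    const uint8_t hdr_v1[8] = { 'F','W','H','1', 1,0,0,0 };  /* constructed */
    return usable_mask_after_boot(hdr_v1, sizeof hdr_v1) == 0x3 ? 0 : 1;
}
```

A malformed header or a version without a key slot leaves every slot unusable, so the model fails closed.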
In an exemplary configuration of an information processing apparatus according to the exemplary embodiment, an information processing apparatus includes: a key data storage memory configured to store a plurality of pieces of key data to be used for firmware; and a computer processor configured to: execute a boot program; acquire identification information of the firmware in accordance with the execution of the boot program; set usability of a piece of key data in a range corresponding to the identification information, among the plurality of pieces of key data; and after the usability of the piece of key data is set, start the firmware corresponding to the acquired identification information.
Based on the above, a boot program to be executed before firmware is started makes a plurality of pieces of key data usable in a range corresponding to identification information of the firmware. Thus, it is possible to ensure the confidentiality of the firmware in accordance with the identification information.
In addition, the computer processor may be further configured to store the identification information of the started firmware in a non-volatile memory. In this case, the identification information stored in the non-volatile memory may be acquired as the identification information of the firmware. The usability of the piece of key data may be set in accordance with the identification information stored in the non-volatile memory.
Based on the above, in accordance with identification information of firmware started before the current moment, it is possible to manage the confidentiality of key data.
In addition, if the identification information stored in the non-volatile memory is updated, the usability of the piece of key data may be reset after the update.
Based on the above, it is possible to immediately start the firmware based on the identification information updated in the non-volatile memory.
In addition, the computer processor may be further configured to, after the firmware is started, encrypt or decrypt input data using the piece of key data set to be usable.
Based on the above, input data other than the firmware is also encrypted or decrypted using the key data of which the confidentiality is ensured. Thus, it is also possible to improve the confidentiality of the input data.
In addition, the computer processor may be further configured to, after the firmware is started, decrypt another program using the piece of key data set to be usable.
Based on the above, a program other than the firmware is also decrypted using the key data of which the confidentiality is ensured. Thus, it is also possible to improve the confidentiality of the program.
In addition, the exemplary embodiment may be carried out in the forms of an information processing system including the above means and an information processing method including the operations performed by the above means.
In addition, in an exemplary configuration of a semiconductor device according to the exemplary embodiment, a semiconductor device includes a processor, a first memory, and a second memory. The first memory stores a boot program. The second memory stores a plurality of pieces of key data. In accordance with execution of the boot program stored in the first memory, the processor is configured to: acquire identification information of firmware; if a plurality of pieces of key data are stored in the second memory, set usability of a piece of key data in a range corresponding to the identification information, among the pieces of key data; and after the usability of the piece of key data is set, start the firmware corresponding to the acquired identification information.
Based on the above, a boot program to be executed before firmware is started makes a plurality of pieces of key data usable in a range corresponding to identification information of the firmware. Thus, it is possible to ensure the confidentiality of the firmware in accordance with the identification information.
In addition, in another exemplary configuration of an information processing apparatus according to the exemplary embodiment, an information processing apparatus, including a memory configured to store an internal program, for executing an external program subsequently to execution of the internal program, includes: a key data storage memory configured to store a plurality of pieces of key data; and a computer processor configured to: acquire the external program from outside the information processing apparatus; acquire identification information of the external program; set usability of a piece of key data in a range corresponding to the identification information, among the pieces of key data stored in the key data storage memory; and after the usability of the piece of key data is set, start the acquired external program.
Based on the above, an internal program to be executed before an external program is started makes a plurality of pieces of key data usable in a range corresponding to identification information of the external program read from outside an information processing apparatus. Thus, it is possible to ensure the confidentiality of the external program in accordance with the identification information.
In addition, in an exemplary configuration of a non-transitory computer-readable storage medium having stored therein a program according to the exemplary embodiment, a program cannot be updated and is executed by a computer of an information processing apparatus before a program that can be updated is started. The program causes the computer to execute: acquiring version information of the program that can be updated; and based on the acquired version information, setting usability of a piece of key data in a range corresponding to the version information, among a plurality of pieces of key data to be used for the program that can be updated.
Based on the above, execution of a program that cannot be updated makes a plurality of pieces of key data usable in a range corresponding to version information of a program that can be updated. Thus, it is possible to ensure the confidentiality of the program that can be updated, in accordance with the version information.
In another exemplary configuration of a storage medium having stored therein a boot program according to the exemplary embodiment, a boot program is executed by a computer of an information processing apparatus before firmware is started. The boot program causes the computer to execute: acquiring identification information of the firmware; based on key data stored in advance in a memory and the identification information, generating new key data; based on the generated key data, decrypting the firmware corresponding to the identification information; disabling generation of key data in the generation of the key data; and starting the decrypted firmware.
Based on the above, a boot program to be executed before firmware is started generates key data for decrypting the firmware in accordance with identification information of the firmware and decrypts the firmware. Further, the function of generating the key data is disabled. Thus, it is possible to improve the confidentiality of the firmware.
In the starting of the firmware, the decrypted firmware may be started after generation of key data is disabled in the disabling of generation of key data.
Based on the above, after the function of generating key data for decrypting the firmware is disabled, the firmware is decrypted. Thus, it is possible to ensure the confidentiality of the key data.
In the disabling of generation of key data, a key generation function in the generation of the key data may be set to be usable only once, thereby disabling generation of key data in the generation of the key data.
Based on the above, the function of generating key data for decrypting the firmware is set to be usable only once, whereby it is possible to ensure the confidentiality of the key data.
In the disabling of generation of key data, after the firmware is decrypted, the key data stored in the memory may be set to be unusable, thereby disabling generation of new key data using the key data.
Based on the above, the key data stored in a memory after the firmware is decrypted is set to be unusable, whereby it is possible to disable the generation of new key data with the confidentiality ensured.
In the disabling of generation of key data, after the firmware is decrypted, access to a unit configured to achieve the generation of the key data may be set to be impossible, thereby disabling generation of key data in the generation of the key data.
Based on the above, access to the function of generating key data is set to be impossible, whereby it is possible to disable the generation of new key data with the confidentiality ensured.
The memory may store a single piece of key data for generating the key data. In this case, in the generation of the key data, based on the single piece of key data stored in the memory and the identification information, new key data may be generated.
Based on the above, it is possible to decrypt a plurality of pieces of firmware different in identification information, using a single piece of key data.
The boot program may further cause the computer to execute disabling the new key data generated in the generation of the key data.
Based on the above, newly generated key data is disabled, whereby it is possible to ensure the confidentiality of the key data.
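The generate-once flow described above (a single stored key plus the firmware version yields the decryption key, after which generation is disabled and the derived key is wiped) can be modelled as follows. This is an added example, not code from the original document; the keygen structure and function names are assumptions, and the FNV-1a mixer and XOR transform are non-cryptographic stand-ins for a real key derivation function and cipher.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 16

/* Hypothetical one-shot key generator; all names are assumptions. */
struct keygen {
    uint8_t master[KEY_LEN];  /* the single key stored in advance */
    bool    disabled;         /* set once a key has been generated */
};

static void wipe(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Stand-in FNV-1a mixer, NOT cryptographic; a real design uses a proper KDF. */
static void toy_derive(const uint8_t *master, uint32_t version, uint8_t *out)
{
    for (unsigned i = 0; i < KEY_LEN; i++) {
        uint64_t h = 0xcbf29ce484222325ULL ^ i;
        for (unsigned j = 0; j < KEY_LEN; j++) h = (h ^ master[j]) * 0x100000001b3ULL;
        for (unsigned j = 0; j < 4; j++) h = (h ^ ((version >> (8 * j)) & 0xff)) * 0x100000001b3ULL;
        out[i] = (uint8_t)(h >> 32);
    }
}

/* Usable only once: derive this version's key, then wipe the stored key. */
bool keygen_once(struct keygen *kg, uint32_t version, uint8_t out[KEY_LEN])
{
    if (kg->disabled) return false;
    toy_derive(kg->master, version, out);
    wipe(kg->master, KEY_LEN);
    kg->disabled = true;
    return true;
}

/* Boot flow: generate the key, decrypt in place (toy XOR, not a real
 * cipher), wipe the derived key. The firmware may start only on true. */
bool boot_decrypt(struct keygen *kg, uint32_t version, uint8_t *fw, size_t n)
{
    uint8_t k[KEY_LEN];
    if (!keygen_once(kg, version, k)) return false;
    for (size_t i = 0; i < n; i++) fw[i] ^= k[i % KEY_LEN];
    wipe(k, KEY_LEN);
    return kg->disabled;
}

/* Constructed demo: image built for img_ver, device boots it as boot_ver.
 * bit0 = plaintext recovered, bit1 = second generation refused. */
int demo(uint32_t img_ver, uint32_t boot_ver)
{
    struct keygen factory = { "constructed-key", false }, dev = factory;
    uint8_t fw[] = "FIRMWARE", k2[KEY_LEN];
    boot_decrypt(&factory, img_ver, fw, sizeof fw);  /* XOR is symmetric: "encrypt" */
    int ok = boot_decrypt(&dev, boot_ver, fw, sizeof fw) && !memcmp(fw, "FIRMWARE", sizeof fw);
    int refused = !keygen_once(&dev, img_ver, k2);
    return ok | refused << 1;
}

int main(void) { return demo(3, 3) == 3 ? 0 : 1; }
```

In the mismatched case the device has already spent its single generation on the older version, so the key for the newer image can no longer be derived on that boot.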
The boot program may further cause the computer to execute reading the firmware. In this case, in the acquisition of the identification information, the identification information of the read firmware may be acquired.
Based on the above, it is possible to generate key data corresponding to the read firmware.
In the acquisition of the identification information, identification information of firmware started before a current moment may be acquired.
Based on the above, it is possible to generate key data corresponding to identification information of firmware started before the current moment.
The identification information may be a version set for the firmware.
Based on the above, it is possible to generate key data corresponding to the version of the firmware.
In the acquisition of the identification information, identification information described in a header of the firmware read in the reading of the firmware may be acquired as the acquired identification information of the firmware. In the generation of the key data, based on the key data stored in advance in the memory and the identification information described in the header, new key data may be generated.
Based on the above, it is possible to generate key data corresponding to the firmware, using header information of the firmware.
In addition, the exemplary embodiment may be carried out in the forms of an information processing apparatus and an information processing system including the above means and an information processing method including the operations performed by the above means.
In addition, in another exemplary configuration of a semiconductor device according to the exemplary embodiment, a semiconductor device includes a processor, a first memory, and a second memory. The first memory stores a boot program. The second memory stores key data. In accordance with execution of the boot program stored in the first memory, the processor is configured to: acquire identification information of firmware; based on the key data stored in the second memory and the identification information, generate new key data; based on the generated key data, decrypt the firmware corresponding to the identification information; disable generation of key data in the generation of the key data; and start the decrypted firmware.
Based on the above, a boot program to be executed before firmware is started generates key data for decrypting the firmware in accordance with identification information of the firmware and decrypts the firmware. Further, the function of generating the key data is disabled. Thus, it is possible to improve the confidentiality of firmware.
In addition, in another exemplary configuration of an information processing apparatus according to the exemplary embodiment, an information processing apparatus, including a memory configured to store an internal program, for executing an external program subsequently to execution of the internal program, includes: a key data storage memory configured to store key data to be used for the external program; and a computer processor configured to: execute the internal program; acquire the external program from outside the information processing apparatus; acquire identification information of the external program in accordance with the execution of the internal program; based on the key data stored in the key data storage memory and the identification information, generate new key data; based on the generated key data, decrypt the external program corresponding to the identification information; disable generation of key data in the generation of the key data; and start the decrypted external program.
Based on the above, an internal program to be executed before an external program is started generates key data for decrypting the external program in accordance with identification information of the external program and decrypts the external program. Further, the function of generating the key data is disabled. Thus, it is possible to improve the confidentiality of the external program.
In addition, in another exemplary configuration of a storage medium having stored therein a program according to the exemplary embodiment, a program cannot be updated and is executed by a computer of an information processing apparatus before a program that can be updated is started. The program that cannot be updated causes the computer to execute: acquiring version information of the program that can be updated; based on key data stored in advance in a memory and the acquired version information, generating new key data; based on the generated key data, decrypting the program that can be updated corresponding to the version information; disabling generation of key data in the generation of the key data; and starting the decrypted program that can be updated.
Based on the above, execution of a program that cannot be updated generates key data corresponding to version information of a program that can be updated. Thus, it is possible to generate key data corresponding to the version information, and the function of generating the key data is disabled. Thus, it is possible to improve the confidentiality of the program that can be updated.
According to the exemplary embodiment, a plurality of pieces of key data are made usable in a range corresponding to identification information of firmware or identification information of an external program read from outside. Thus, it is possible to ensure the confidentiality of key data in accordance with the identification information.
These and other objects, features, aspects and advantages of the exemplary embodiments will become more apparent from the following detailed description of the exemplary embodiments when taken in conjunction with the accompanying drawings.